ownership_authentication.rb 2.15 KB
Edit Raw Blame History



1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84


module OwnershipAuthentication
  extend ActiveSupport::Concern

  def project_owner?
    if self.kind_of?(ProjectsController)
      id = params[:id]
    elsif self.kind_of?(RepositoriesController)
      id = params[:project_id]
    else
      raise "Not supported"
    end

    check_project_ownership(id)
  end

  def repository_owner?
    check_project_ownership(params[:project_id])
  end

  def reading_group_owner?
    if self.kind_of?(ReadingGroupsController)
      id = params[:id]
    elsif self.kind_of?(ReadingsController)
      id = params[:reading_group_id]
    else
      raise "Not supported"
    end

    check_reading_group_ownership(id)
  end

  def reading_owner?
    check_reading_group_ownership(params[:reading_group_id])
  end

  def mezuro_configuration_owner?
    if self.kind_of?(MezuroConfigurationsController)
      id = params[:id]
    elsif (self.kind_of?(BaseMetricConfigurationsController))
      id = params[:mezuro_configuration_id]
    else
      raise "Not supported"
    end
    check_mezuro_configuration_ownership(id)
  end

  def metric_configuration_owner?
    check_mezuro_configuration_ownership(params[:mezuro_configuration_id])
  end


  private

  def check_project_ownership(id)
    if current_user.project_ownerships.find_by_project_id(id).nil?
      respond_to do |format|
        format.html { redirect_to projects_url, notice: "You're not allowed to do this operation" }
        format.json { head :no_content }
      end
    end

    return true
  end

  def check_reading_group_ownership(id)
    if current_user.reading_group_ownerships.find_by_reading_group_id(id).nil?
      respond_to do |format|
        format.html { redirect_to reading_group_url(id), notice: "You're not allowed to do this operation" }
        format.json { head :no_content }
      end
    end

    return true
  end

  def check_mezuro_configuration_ownership(id)
    if current_user.mezuro_configuration_ownerships.find_by_mezuro_configuration_id(id).nil?
      respond_to do |format|
        format.html { redirect_to mezuro_configurations_url(id), notice: "You're not allowed to do this operation" }
        format.json { head :no_content }
      end
    end
  end
end